Security Topic: Physical Security

December 31, 2023 - By Ls

Workplace Physical Security Is an Essential Component of Cybersecurity

While cybersecurity threats sit at the forefront of everyone’s minds, a physical security breach can be every bit as damaging to an organization. In this episode, staring Joey Lawrence as Jeff, we learn about the methods often deployed by bad actors to infiltrate an organization via a physical security breach. Watch to learn more about physical security and what you can do to protect yourself and your organization from these kinds of attacks!

When considering mobile access control, it’s important to understand the advantages and disadvantages from both administrative and user perspectives. IT administrators face growing challenges when it comes to time management. Automation has led to smaller IT teams trying to handle more complex workloads. Consequently, time is at a premium for IT and security professionals.

Mobile keys are particularly useful in settings where users change frequently, and access permissions must be adjusted quickly – this is particularly true on college campuses where there is a constant cycle of matriculating and departing students. If done manually, provisioning these students would mean spending hours activating and deactivating thousands of physical key cards. The result would be a time-consuming process in which administrators must divert resources away from other important tasks.

Enterprise and commercial real estate teams face a similar predicament. When new employees arrive, administrators must distribute credentials in an efficient manner. Traditionally, these credentials would be manually entered into a computer and a physical key card would have to be programmed.

The cloud and mobile access control change this. Instead of a manual process from start to finish, it’s possible to automate provisioning with integrations. Integrations like Okta or Google Workspace allow administrators to preprogram role-based permissions globally, then distribute them to the user’s mobile device in just a few clicks – no key card necessary. From a user perspective, mobile credentialing means less time spent waiting and one less task to have to worry about.

Technology has reached a point where doing this “song-and-dance” routine is impractical, and many IT and security teams are beginning to understand and embrace the concept of going mobile to save time and money.

11 Ways to Better Protect People, Devices, and Data

It’s not all bad news. Employees can help organizations maintain and even improve both physical security and cybersecurity. Here are 10 best practices to consider for your employees.

Safeguard entry points – Employees should help monitor and control who enters the workplace and never share access codes or keys. Experts warn that employees need to be wary of “tailgating,” which is when a criminal takes advantage of an employee holding the door open for the person behind them.
Be vigilant about visitors – All employees should be trained on the proper procedures for handling office visitors. One option is to use the buddy system for all visitors, which could mean requiring employees to escort their visitors in the office at all times. Employees should be encouraged to check the identity of any unaccompanied visitors and escort them back to the appropriate host employee.
Maintain physical control of devices – Criminals are opportunists and often watch for unattended devices, so it’s best for employees to keep mobile devices such as laptops and smartphones with them at all times. Consider using the additional protection of a security cable for laptops to affix them to the desk.
Lock up valuables – Employees should lock purses, wallets, keys, and any other sensitive or valuable items safely in a drawer or cabinet when they are away from their desk or workspace.
Use the clear-desk policy – Consider instituting a clear-desk policy that encourages employees to lock up documents and devices when they aren’t being used. It’s also a good idea for employees to log out of their computer whenever they leave their desk.
Use safe printing practices – Encourage employees to promptly collect any documents from printers and copiers.
Secure sensitive hard copy files – Consider storing all of the company’s paper files that contain sensitive information in a locked cabinet or room. This rule should also apply to any electronic drives or devices in which sensitive information is stored.
Shred documents – Sensitive documents should always be shredded before they are thrown away or recycled.
Report facilities problems – Empower all staff to report any broken or faulty doors, windows, and locks to facilities personnel as soon as possible and to never assume someone else has reported the problem.
Report suspicious activity – The US Department of Homeland Security advises employees to always report suspicious behavior in or near the workplace, including recording and monitoring activities, suspicious people loitering near the business, or extensive questioning by an individual.
Know the response plan – All employees should know the steps to take if equipment or data is lost or stolen. The Federal Trade Commission provides more information on creating a response plan in its guide, Data Breach Response: A Guide for Business.

5 Additional Considerations for HR and Facilities Teams

Experts say one of the best ways to prevent office theft may be to hire the right people. Assuming that is always the goal, below are additional considerations to help create better physical security in your workplace. You may want to consult with your insurance company or local crime prevention officer for additional physical security recommendations for your organization.

Strengthen access controls – Depending on the size of your office, more secure access control could be as simple as a strong lock for your single-point entry or as high-tech as a PIN-entry system or facial recognition.
Issue ID cards – ID cards provide an easy way for reception or security personnel to more quickly monitor everyone entering the building, and it also makes anyone without an ID card more noticeable as they move around the office.
Consider surveillance – Video surveillance can certainly help record a security incident if one occurs, but experts say it also has a psychological impact. Visible cameras and signage can often help deter office crimes.
Create a security culture – Experts say that one of the most important things HR teams can do for an organization’s physical security is to ensure that employees take security seriously. Regular training sessions can help emphasize the importance of good security practices and remind employees how they can contribute to a safer work atmosphere.
Conduct an annual physical security assessment – Experts recommend conducting a physical security assessment on a yearly basis to identify changes in the environment and update technology and practices accordingly.